What Is Device Supervision?
In Apple Mobile Device Management (MDM), a supervised device indicates that the device is institutionally owned and fully managed by the organization. Supervision enables enhanced administrative control, which is ideal for corporate or educational use.
A supervised device explicitly indicates its status within the Settings on iOS and macOS, clearly informing users that an organization manages their device.
Supervised vs. Standard MDM Enrollment
Standard (Unsupervised) Enrollment
Standard enrollment offers basic device management, suitable for BYOD scenarios. Users retain significant control and can easily remove management profiles, limiting the security and policy enforcement capabilities of the organization.
Supervised Enrollment
Supervised enrollment grants organizations advanced controls and restrictions not possible in standard enrollment. These include:
Disabling native apps (App Store, iMessage, FaceTime, Safari).
Enforcing Single App Mode (kiosk mode).
Silently installing or removing apps.
Enabling web content filtering and global proxies.
Using Lost Mode and remotely tracking device location.
Managing Activation Lock with bypass codes.
Ensuring MDM profiles cannot be removed by users.
How Devices Become Supervised
Devices become supervised through specific enrollment methods:
Automated Device Enrollment (ADE)
Formerly known as DEP, ADE enables automatic supervision during device setup. Devices enrolled via Apple Business Manager (ABM) or Apple School Manager automatically become supervised, offering secure and seamless management.
Apple Configurator
This manual method requires connecting the device to a Mac or using the Apple Configurator app. This approach wipes the device, applies supervision, and optionally enrolls it into ABM or MDM.
Supervision Differences Between iOS/iPadOS and macOS
iOS/iPadOS: Devices must be supervised via ADE or Apple Configurator at initial setup. Once unsupervised, they require wiping for supervision.
macOS: Any macOS device enrolled in MDM from macOS Big Sur onwards is automatically supervised upon enrollment approval. Supervised Macs enrolled via ADE can have non-removable profiles, significantly improving management and security.
Practical Implications for IT Administrators
Planning: Ensure devices intended for strict management are enrolled via ADE.
Security: Supervised devices greatly enhance security posture by enabling critical restrictions.
Support: Supervision enables more comprehensive troubleshooting, diagnostics, and remote management capabilities.
User Transparency: Clearly communicate the level of control and monitoring supervision entails.
In summary, supervised mode is critical for robust device management in organizations, enabling stronger policy enforcement, improved security, and enhanced administrative capabilities.